last sync: 2024-Dec-06 18:53:17 UTC

[Deprecated]: Endpoint protection should be installed on your machines

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Endpoint protection should be installed on your machines
Id 1f7c564c-0a90-4d44-b7e1-9d456cffaee8
Version 1.1.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 2
1.0.0
1.1.0 (1.1.0-deprecated)
Built-in Versioning [Preview]
Category Security Center
Microsoft Learn
Description To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution.
Mode All
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Security/assessments/status.code Microsoft.Security assessments properties.status.code True False
Rule resource types IF (3)
Microsoft.ClassicCompute/virtualMachines
Microsoft.Compute/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 2 compliance controls are associated with this Policy definition '[Deprecated]: Endpoint protection should be installed on your machines' (1f7c564c-0a90-4d44-b7e1-9d456cffaee8)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
New_Zealand_ISM 14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 New_Zealand_ISM_14.1.9.C.01 14. Software security 14.1.9.C.01 Maintaining hardened SOEs n/a Agencies MUST ensure that for all servers and workstations: a technical specification is agreed for each platform with specified controls; a standard configuration created and updated for each operating system type and version; system users do not have the ability to install or disable software without approval; and installed software and operating system patching is up to date. 20
NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 Software security 14.1.9 Maintaining hardened SOEs Customer n/a Whilst a SOE can be sufficiently hardened when it is deployed, its security will progressively degrade over time. Agencies can address the degradation of the security of a SOE by ensuring that patches are continually applied, system users are not able to disable or bypass security functionality and antivirus and other security software is appropriately maintained with the latest signatures and updates. End Point Agents monitor traffic and apply security policies on applications, storage interfaces and data in real-time. Administrators actively block or monitor and log policy breaches. The End Point Agent can also create forensic monitoring to facilitate incident investigation. End Point Agents can monitor user activity, such as the cut, copy, paste, print, print screen operations and copying data to external drives and other devices. The Agent can then apply policies to limit such activity. link 15
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-10-31 18:50:28 change Minor, new suffix: deprecated (1.0.0 > 1.1.0-deprecated)
2021-08-30 14:27:30 add 1f7c564c-0a90-4d44-b7e1-9d456cffaee8
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC